Although the first legal conceptions of commercial privacy were identified in Samuel Warren and Louis Brandeis’s foundational 1890 article, The Right to Privacy, conceptually, privacy has existed since as early as 1127 as a natural concern when navigating between personal and commercial spheres of life. As an extension of contract and tort law, two common relational legal models, U.S. privacy law emerged to buoy engagement in commercial enterprise, borrowing known legal conventions like consent and assent. Historically, however, international legal privacy frameworks involving consent ultimately diverged, with the European Union taking a more expansive view of legal justification for processing as alternatives to consent. Unfortunately, consent as a procedural substitute for individual choice has created a number of issues in achieving legitimate and effective privacy protections for Americans. The problems with consent as a proxy for choice are well known. This Article explores the twin history of two diverging bodies of law as they apply to the privacy realm, then introduces the concept of legitimate interest balancing as an alternative to consent. Legitimate interest analysis requires an organization to formally assess whether data collection and use ultimately result in greater benefit to individuals than the organization with input from actual consumers. This model shifts responsibility from individual consumers having to protect their own interests to organizations that must engage in fair data use practices to legally collect and use data. Finally, this Article positions the model in relation to common law, federal law, Federal Trade Commission activities, and judicial decision-making as a means for separating good-intentioned organizations from unethical ones.
Author: Charlotte A. Tschider
Volume 22, Issue 4